The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
Today (10 November 2021), the Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
The Supreme Court has confirmed that compensation in respect of non-trivial breaches of the Data Protection Act 1998 (1998 Act) is only payable to the extent that a data subject has suffered material damage (i.e. financial loss) or mental distress. Contrary to the view of the Information Commissioner’s Office, the Supreme Court rejected the notion that data subjects should have a right to compensation for ‘loss of control’ of personal data under the 1998 Act.
The Supreme Court also found that the claim could not proceed due to the way it had been framed by the claimant in order to bring it within the scope of being a representative action.
Data lawyer at Browne Jacobson, Loren Hodgetts gave her reaction to the case:
“Whilst this case was heard under the 1998 Act, the principles will be relevant for the purposes of interpreting the meaning of damage under the GDPR.
“In a landscape where we are seeing an increasing number of compensation claims made by individuals against data controllers, this judgment provides a useful reminder that data subjects must show material damage (i.e. financial loss) or mental distress resulting from a breach in order to bring such claims.”
Browne Jacobson’s previous article on this case sets out the factual background in more detail.
Settlement agreements are commonplace in an employment context and are ordinarily used to provide the parties to the agreement with certainty following the conclusion of an employment relationship.
Claims arising from interest-only mortgages have been farmed in volume. Many such claims to date have sought to drive a narrative that interest-only mortgages are an inherently toxic product and brokers were negligent simply for suggesting them. Taylor is a helpful recalibration, focussing instead on what the monies raised by the mortgage product were being used for and whether the client understood the inherent risks.
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
The Digital Services Act (the “DSA”) has today (27 October) been given the go-ahead by the EU Council and will enter into force by early 2024.
In a judgment handed down yesterday the Supreme Court has affirmed that a so called “creditor duty” exists for directors such that in some circumstances company directors are required to act in accordance with, or to consider the interests of creditors. Those circumstances potentially arise when a company is insolvent or where there is a “probability” of an insolvency. We explore below the “trigger” for such a test to apply and its implications.
Created at the end of the Brexit transition period, Retained EU Law is a category of domestic law that consists of EU-derived legislation retained in our domestic legal framework by the European Union (Withdrawal) Act 2018. This was never intended to be a permanent arrangement as parliament promised to deal with retained EU law through the Retained EU Law (Revocation and Reform) Bill (the “Bill”).
Practice Direction 57AC (“PD57AC”) relates to witness evidence in trials and explicitly applies only to the Business and Property Courts. It applies to existing proceedings in which the witness statements for trial are signed on or after 6 April 2021.
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
The Supreme Court has unanimously dismissed the BTI v Sequana appeal and reviewed the existence, content and engagement of the so-called ‘creditor duty’; being the point at which the interest of creditors is said to intrude upon the decision-making of directors of companies in financial distress.
The increased use of artificial intelligence (AI) is revolutionising the way businesses operate and is having a disruptive impact in sectors that have traditionally been slow to modernise.
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
In November 2021, The Civil Justice Council’s published its interim report on proposed changes to the current Pre-Action Protocols, which included a mandatory Alternative Dispute Resolution (ADR) gateway. In this article, we look at proposed reforms and consider what this could mean for your case.
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
Janice Walsh applied for a job with Domino’s Pizza, hoping to secure a role as a Delivery Driver. However things quickly took a turn for the worse during her initial interview, with the very first question that she was asked relating to her age. Ms Walsh was ultimately informed that she had not been successful in her application.
The Court of Appeal has dismissed two cases regarding rent arrears accrued during the Covid lockdowns. The cases are London Trocadero (2015) LLP v Picturehouse Cinemas Ltd and Bank of New York Mellon (International) Ltd v Cine-UK Ltd.
In the recent case of Dwyer (UK Franchising) Limited v Fredbar Limited and ano’r [2022] EWCA Civ 889, the Court of Appeal considered the reasonableness of restrictive covenants in a franchise agreement.
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
The Employment Appeal Tribunal (EAT) decision in the case of Warburton v The Chief Constable.
Restrictive covenants are widely recognised as a complex area of employment law that is of key importance to many organisations. However more recently, they have become a hot topic with the Government launching their consultation.
In Nissan v Passi, the High Court recently considered the issue of an employee retaining confidential documents belonging to his former employer in the context of the employer’s application for an injunction seeking the return of such documents from the employee.
Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council [2022] EWHC 132 (QB)) has been made that is favourable to data controllers.
We regularly encounter disputes relating to Service Level Agreement provisions - here we provide four top tips that you can use to minimise disputes.
The Highway Code has had its first major revision since 2007. Amongst several changes, a new hierarchy has been created, with road users who are most likely to cause harm having the greatest responsibility to reduce the threat they may pose to other road users (rule 204 of the Code).
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
We were delighted to be joined by Dr Nigel Sturrock, Regional Medical Director for the Midlands at NHS England and NHS Improvement. He gave an overview of the pressures placed on the NHS by the pandemic, including the impact on urgent and emergency care, elective procedures and staffing.
Schools will need to comply with the requirements of the PAPDC or potentially face financial consequences. This article provides an overview of the PAPDC and explains how it applies to schools.
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
Following on from our recent article on the release of the updated Code of Practice for dealing with commercial rent arrears that have accrued throughout the pandemic, we continue to highlight what the overall principles seek to ensure - fairness and proportionality for both landlords and tenants across each step of the arbitration process.
The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
It is an unfortunate reality that many local authorities face historical abuse claims, and often held vicariously liable for abuse by their former employees. We set out an overview of recoveries law and insight into successes we have had in recouping money for local authorities.
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
The ‘new normal’ has brought with it a variety of different challenges and it has had an impact on nearly all facets of our lives, including the termination of contracts during these Covid-19 times.
The PAPDC does not apply to business to business debt only if the debtor is a sole trader. Much more information is required under the PAPDC within a letter of claim and debtors should be given more time to respond along with an opportunity to make payment proposals throughout the pre-action process.